Passwords are normally the one thing standing between you and hackers who are after your data. We often hear the phrases ‘strong’ or ‘weak’ password but what is it that makes a password secure? How do hackers guess passwords? And, most importantly, how can we ensure our passwords will protect us?
Today we’re going to answer all these questions and figure out how you can easily master password security.
1. How do hackers ‘crack’ a password?
The most common attack used is a ‘brute force attack’.
This is when an attacker enters password after password, extremely quickly until one of them works and they can gain access to your account. These attacks are carried out by a ‘botnet’, which is a group of devices all connected which can work on one task together. We’re no longer looking at one hacker typing in password after password, but these devices blasting through hundreds of thousands of passwords a minute.
Brute force attacks are considered to be 100% effective – if they keep guessing forever, eventually they’ll get your password.
BUT if your password is strong, it may take so long to crack that not even the potential hacker’s great-grandchildren will be able to get inside your account.
Elevate your security with our expert cyber security Managed Services. Shield your business from threats – act now for fortified protection!
2. What makes a password secure?
So the goal is to make the password as difficult for a botnet to guess as possible, and there are a few simple ways to do this – some of which you may be very familiar with.
-
-
- Add characters
- Use both upper case and lower case letters
- Add numbers and symbols
-
With just these simple additions, it can be surprising how much more time it would take a hacker to crack your password.
(Please note: these times are rough estimates)
Look at the huge difference in times between a password with 12 digits only using the lower case alphabet and a password with 11 digits using lower case, upper case, numbers AND symbols. 16 minutes vs. 237k years. It’s a no brainer, isn’t it?
Though whilst adding those extra flourishes may increase your security, they can be extremely difficult to remember.
3. How can we make our passwords as secure as possible but still memorable?
One of the best ways to make secure but memorable passwords is to swap out certain characters for another that look similar.
For example, you could swap an “a” for a “4” (which looks like a capital A), an “s” for a “5” or “$”, “I” for “1” or “!”. Adding these symbols and numbers will, as we’ve seen before boost your security exponentially.
Here are some examples:
4. Other strategies to improve password security
So you’ve made your passwords more complex, but what else can you do? Well here’s a few other strategies we recommend:
-
-
-
- Make use of two-factor authentication (2FA)
- 2FA is an additional process to verify that it’s really you logging in to your account. In the majority of cases, you can wither get a verification code sent to your phone or email, or you can use an authenticator app that gives you a verification code that changes often. All you need to do then is to type that extra verification code and you’re in!
- Whilst it might seem like a bit of a hassle, for your important accounts it will give you extra peace of mind.
- Make use of two-factor authentication (2FA)
-
-
-
-
-
- Use different passwords for different accounts
- If someone manages to crack one of your passwords, makes sure they can’t get access to every account you have by using a different password for each account you have.
- Whilst this could be difficult to remember, it will definitely boost your security. And regarding the memory issue, our next tip should be able to help you with that!
- Use different passwords for different accounts
-
-
-
-
-
- Use a secure password keychain to store all your new, confusing but secure passwords
- You’re probably using one of these already! You can use the built-in one for Apple, Google or Windows – or there are other purpose-built versions that utilise an even higher level of security.
- Use a secure password keychain to store all your new, confusing but secure passwords
-
-
-
-
-
- Our final tip is that you should aim to change your password periodically.
- Brute force attacks are time-sensitive and each time you reset your password a brute force attack has to start again, rendering them useless. Also, you’re not always going to notice if your account has been breached. We recommend every 6 months.
- Our final tip is that you should aim to change your password periodically.
-
-
Are we missing your top tip? Let us know on Twitter – we’d love to hear it!
5. I need help with my security!
ECS can offer a range of security products and support to help keep you, your family and even your business safe from a whole range of malicious hackers. Want to hear more? Give us a call on 01553 692727 or send us an email at [email protected].